GLSA-200503-27 : Xzabite dyndnsupdate: Multiple vulnerabilities

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.

Synopsis :

The remote Gentoo host is missing one or more security-related

Description :

The remote host is affected by the vulnerability described in GLSA-200503-27
(Xzabite dyndnsupdate: Multiple vulnerabilities)

Toby Dickenson discovered that dyndnsupdate suffers from multiple

Impact :

A remote attacker, posing as a server, could execute
arbitrary code with the rights of the user running dyndnsupdate.

Workaround :

There is no known workaround at this time.

See also :

Solution :

Currently, there is no released version of dyndnsupdate that contains a
fix for these issues. The original distribution site is
dead, the code contains several other problems and more secure
alternatives exist, such as the net-dns/ddclient package. Therefore,
the dyndnsupdate package has been hard-masked prior to complete removal
from Portage, and current users are advised to unmerge the package:
# emerge --unmerge net-misc/dyndnsupdate

Risk factor :

High / CVSS Base Score : 7.5

Family: Gentoo Local Security Checks

Nessus Plugin ID: 17588 (gentoo_GLSA-200503-27.nasl)

Bugtraq ID:

CVE ID: CVE-2005-0830